LegalReader.com  ·  Legal News, Analysis, & Commentary

Legal Implications of Incorrect Medical Billing: How to Protect Your Practice


— October 7, 2025

A good compliance program is good for business and keeps you safe from legal and reputational damage.


Billing errors or fraud can lead to serious legal and financial consequences. The federal False Claims Act (FCA) says that “filing false claims may result in fines of up to three times the programs’ loss plus $11,000 per claim.” Enforcement against false claims remains a top priority. For example, in FY2024, the Justice Department recovered more than $1.67 billion in healthcare fraud cases. In June 2025, a nationwide takedown charged 324 people in schemes worth $14.6 billion. Because of this, healthcare providers need to be careful. As one U.S. Attorney said, “Any claim that a provider is billing for services not actually provided will be vigorously investigated.”

What Is Incorrect Billing?

Billing incorrectly includes a lot of abusive behaviors, whether they were done on purpose or by mistake. Some common examples are:

Upcoding 

Overcharging for services or E/M codes. Hospitalist companies paid $4.38 million to settle allegations of upcoding E/M codes beyond doctors’ actual performance, which increases reimbursement. Understanding modifiers in medical billing is equally important, as incorrect modifier use can lead to denials, overpayments, or allegations of improper coding.

Unbundling (“Fragmentation”)

Breaking a multi-step process into smaller, billable steps. For example, charging for each lab test in a panel separately instead of using one panel code. This wrongly raises the total amount due.

Duplicate Billing

Resubmitting a service or procedure claim multiple times. This can happen accidentally or intentionally, prompting audits. CMS prohibits duplicate line-item submissions.

Phantom Billing / Services Not Rendered

Charging for appointments or treatments that patients never received. A psychiatrist settled for $501,556 after admitting he billed Medicare/Medicaid for psychotherapy sessions that “were not rendered” while he was out of town. No matter how they originated, such claims are false.

Medically Unnecessary Services

Billing for tests or treatments that are not medically necessary. After admitting it billed federal programs for “not reasonable or medically necessary” inpatient behavioral health stays, Acadia Healthcare paid $19.85 million. Medicare/Medicaid disallows overstating severity or hospitalizing patients unnecessarily.

Inadequate Documentation

Not documenting patient encounters to support billed codes. CMS audits frequently find insufficient records. One review found 20.1% of improper Medicare Part B payments had no documentation and 16.5% had “insufficient documentation.” If no chart supports the claim, it’s invalid. (One expert advised: “only submit claims that are supported by the medical record.”)

These practices can turn accidental billing errors into fraud allegations. Knowingly submitting or keeping a false Medicare/Medicaid claim is illegal in the U.S., so even honest mistakes can lead to liability.

Key U.S. Laws and Penalties

Healthcare billing errors can implicate a range of federal laws. Key statutes include:

False Claims Act (FCA) [31 U.S.C. §§ 3729–3733]

The FCA is the government’s main tool against billing fraud. Claims submitted to federal health programs must not be “false or fraudulent.” People who make false claims face harsh punishments, such as treble damages (three times the government’s loss) and a mandatory fine of about $11,000. Even if you didn’t mean to commit fraud, you could still be liable under the FCA. “Knowingly” includes behavior that is careless or willfully ignorant. The FCA lets private whistleblowers sue the government and keep 15–30% of any money they get back. This means that FCA penalties can apply if you upcode, bill for services that don’t exist, or bill for referrals that are tainted by kickbacks.

Civil Monetary Penalties Law (CMPL) [42 U.S.C. § 1320a-7a]

The HHS Office of Inspector General (OIG) enforces the CMPL, which allows for fines for a wide range of violations. For instance, submitting a claim “knowing” it is false or charging for things that aren’t covered by the CMPL is against the law. Fines for each violation range from about $10,000 to $50,000, plus assessments that are equal to several times the amount of the claim. Some common CMPL violations are filing claims for services that were not provided or paying or accepting illegal payment. For example, a doctor who is part of a kickback scheme can be fined up to $50,000 for each transaction under the CMPL (plus three times the amount of damages). One of the OIG’s punishments is to keep people from getting federal benefits.

Anti-Kickback Statute (AKS) [42 U.S.C. § 1320a-7b]

This criminal statute says that you can’t offer or accept “remuneration” (in cash or kind) to induce referrals for items or services that are covered by federal health programs. If you break the law, you could face fines, jail time, and exclusion from Medicare/Medicaid. The AKS is very broad, so for example, regularly not charging patients their co-payments could be seen as an illegal incentive. If you break the AKS, claims that are tainted by kickbacks also create liability under the FCA.

Physician Self-Referral Law (“Stark Law”) [42 U.S.C. § 1395nn]

Stark says that a doctor can’t send Medicare or Medicaid patients to places where the doctor (or family) has a financial interest, unless there is an exception. This is a strict-liability law, so no proof of intent is required. Billing abuses often go hand in hand with Stark violations. For example, if an ineligible referral leads to an improper claim, that claim is false under the FCA. Fines (up to about $24,000 for each false claim under current law) and being barred from federal programs are two of the penalties.

HIPAA (Privacy & Security Rules) [45 C.F.R. Parts 160–164]

Despite its focus on patient privacy, HIPAA’s administrative enforcement can punish billing practices that misuse health information. Knowingly falsifying or selling patient records violates HIPAA’s wrongful disclosure prohibitions. Depending on severity, the HHS Office for Civil Rights may fine $100 to $50,000 per violation (annual max $1.5 million). HIPAA penalizes willfully obtaining PHI under false pretenses (up to 1 year in prison) or with intent to sell/use it (10 years). If billing fraud involves falsified patient records or intentional privacy breaches, HIPAA enforcement applies.

Exclusion Authorities

Healthcare fraud convictions result in fines and federal health program exclusion. Excluded providers cannot bill Medicare, Medicaid, or other programs. Even hiring an excluded medical assistant or biller accidentally can result in CMPL penalties and repayment. Thus, billing violations can result in license revocation.

Billing fraud can result in fines and license suspension from state laws and licensing boards. Billing violations can result in multimillion-dollar fines, treble damages, claim repayment, civil judgments, criminal prosecution, and federal program exclusion. According to DOJ officials, fraudulent billing wastes government resources and endangers community health and safety.

Recent Enforcement Examples

Many recent cases illustrate how billing errors lead to enforcement action:

Upcoding by Hospitalist Group (Michigan, 2023)

Multiple related hospitalist companies agreed to pay $4.38 million under the FCA in October 2023. DOJ said the groups “regularly upcoded” doctors’ inpatient E/M services and billed for “impossible days” of services. This case shows that FCA claims can result from excessive upcoding and billing.

Inflated Chronic Care Management Claims (Multi-State, 2024)

A clinic operator in Florida, Minnesota, and Wisconsin paid $14.9 million to settle chronic-care upcoding allegations. The company submitted high-level E/M and chronic care management claims “that did not support the level of service provided” from 2015 to 2019. DOJ warns providers who “institute a practice of upcoding and unnecessary billing will be held accountable”. A five-year Corporate Integrity Agreement (CIA) requiring strict compliance audits was part of the settlement.

Phantom Psychotherapy Services (Missouri, 2025)

After admitting to billing Medicare and Missouri Medicaid for psychotherapy sessions he never provided, a Missouri psychiatrist and his practice settled FCA allegations for $501,556. The OIG claimed Dr. Malik billed for face-to-face psychotherapy while out of town or for services other staff provided under his provider number. DOJ noted that “billing for services not actually provided” is a classic false-claims violation.

Medically Unnecessary Inpatient Behavioral Health (National, 2024)

Acadia Healthcare, a major psychiatric hospital owner, paid $16.66M to the U.S. and ~$3.19M to state Medicaid programs to resolve unjustified inpatient care claims. Acadia was accused by the government of holding non-hospitalized patients longer than required. DOJ officials stated that “federal healthcare programs rely upon the honesty and credibility of participating providers” and promised to punish those who “exploit these programs for personal gain”.

These and other examples demonstrate that enforcement targets primary care, specialists, mental-health clinics, hospitals, and DME suppliers. In mid-2025, DOJ’s Health Care Fraud Takedown stated, “this is the largest takedown for this initiative to date”—proving that no sector is immune.

Preventing Billing Errors and Protecting Your Practice

Legal risk can be reduced by strong compliance controls and a culture of accuracy. Recommended safeguards:

Implement a Formal Compliance Program

Adopt written policies and a code of conduct, appoint a compliance officer (or team), and enforce clear standards, per HHS-OIG advice. OIG’s “seven-component” model for physician practices includes audits, written standards, a compliance contact, training, and disciplinary processes. A compliance program should focus on coding/billing for a small clinic or referral relationships for a specialty center, depending on practice size and risk.

Ongoing Training and Education

Make sure billing and coding staff understand the rules. This includes coders, billers, providers, and managers. Correct code assignment, medical necessity, documentation, and fraud laws should be taught. According to the AAFP, coding staff should receive “extensive instructions” on proper coding and “legal sanctions for fraudulent billing”. Since CPT/ICD and coverage rules change annually, updates are essential.

Use Qualified Coders

Use CPCs, CCSs, or experienced billing specialists whenever possible. Practices can outsource medical billing to reputable companies, but they must supervise. Keep coders up to date on CPT/HCPCS and specialty guidelines. Trained coders are less likely to upcode or unbundle accidentally.

Perform Regular Audits

Internally or externally audit claims periodically. At least five charts and claims per payer should be reviewed annually, according to the OIG. Audits should verify that billed services are medically necessary, documented, and legal. CMS data shows that even a common office visit code (99214) had over $560 million in improper payments in one year, “63.4% of [which] were linked to incorrect coding”. Self-audits spot issues early. If problems arise, retrain staff and update procedures. A coding expert suggests conducting regular self-audits to ensure that all services justify the codes.

Thorough Documentation

Maintain complete and accurate medical records for every encounter. History, exam, decision-making, and time spent must be detailed per E/M guidelines. The chart must support every claim. Correct missing signatures and illegible notes immediately. Even minor documentation gaps can cause audits or denials: CMS auditors found many Medicare claim errors with no or insufficient documentation.

Screen for Exclusions

Compare all suppliers, employees, and contractors to the federal OIG List of Excluded Individuals/Entities. False-practice liability can result from hiring a federally barred employee. CMPs and recoupments for excluded person services will be imposed by the OIG. Compliance requires monthly screening.

Maintain Open Communication

Encourage staff to report billing or compliance issues without fear. Even small practices can have an “open-door” policy or anonymous reporting. Stopping problems before they escalate is the goal. Quickly investigate and fix reported issues.

Self-Disclosure of Overpayments

Return audited overpayments immediately. Medicare requires repayment of overpayments for non-fraudulent errors. The OIG’s Self-Disclosure Protocol may help you identify fraudulent claims. OIG considers self-disclosure a “mitigating factor” in enforcement decisions when determining penalties for false claims. Consult counsel before disclosing, but hiding mistakes can have worse consequences.

Continuous Improvement

Maintain current billing and coding knowledge (annual CPT updates, NCCI edits, LCD/NCD policy changes). Use EHR or billing software edits to identify suspicious claims. Regularly assess and update your compliance program. The Bluestone chronic-care practice signed a five-year Corporate Integrity Agreement to “establish and maintain a compliance program” and have an independent entity audit future claims. Such harsh measures can be avoided with proactive measures.

These steps make compliance a routine part of operations, not an afterthought. We want every claim to be accurate. Avoiding fraud and abuse “will ensure that taxpayer funds serve the purposes for which they were intended,” said a DOJ official.

Expert Note

Prosecutors say that working together is good for honest providers. Brian Boynton of the DOJ said that billing federal health care programs incorrectly wastes government money and that agencies will go after providers who cheat taxpayers. Roger Handberg, the U.S. Attorney, also said that honest providers are important for federal health care programs and that those who take advantage of them will be punished. A good compliance program is good for business and keeps you safe from legal and reputational damage.
